feat(queries): fix equals pattern matching regal lint issue

.github/workflows/validate-rego.yaml

@@ -0,0 +1,24 @@
+name: validate-rego
+
+on:
+  pull_request:
+    paths:
+      - "assets/**/*.rego"
+
+jobs:
+  lint-rego:
+    name: Run Regal Linter on Rego Files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Regal
+        uses: StyraInc/setup-regal@33a142b1189004e0f14bf42b15972c67eecce776 #v1.0.0
+        with:
+          version: v0.31.0
+
+      - name: Run Regal Linter
+        run: regal lint --format=github assets --config-file=assets/.regal/config.yml

assets/.regal/config.yml

@@ -0,0 +1,138 @@
+# Since the linting rules will be tackled in separate PRs, we are temporarily ignoring all rules.
+# We will update rule severities as each PR is merged.
+
+rules:
+  bugs:
+    not-equals-in-loop:
+      # https://docs.styra.com/regal/rules/bugs/not-equals-in-loop
+      level: ignore
+    rule-shadows-builtin:
+      # https://docs.styra.com/regal/rules/bugs/rule-shadows-builtin
+      level: warn
+    var-shadows-builtin:
+      # https://docs.styra.com/regal/rules/bugs/var-shadows-builtin
+      level: warn
+    unused-output-variable:
+      # https://docs.styra.com/regal/rules/bugs/unused-output-variable
+      level: ignore
+    deprecated-builtin:
+      # https://docs.styra.com/regal/rules/bugs/deprecated-builtin
+      level: ignore
+    leaked-internal-reference:
+      # https://docs.styra.com/regal/rules/bugs/leaked-internal-reference
+      level: ignore
+    sprintf-arguments-mismatch:
+      # https://docs.styra.com/regal/rules/bugs/sprintf-arguments-mismatch
+      level: ignore
+    inconsistent-args:
+      # https://docs.styra.com/regal/rules/bugs/inconsistent-args
+      level: ignore
+    redundant-existence-check:
+      # https://docs.styra.com/regal/rules/bugs/redundant-existence-check
+      level: ignore
+  idiomatic:
+    no-defined-entrypoint:
+      # https://docs.styra.com/regal/rules/idiomatic/no-defined-entrypoint
+      # No single entrypoint for this project
+      level: ignore
+    # temporary
+    non-raw-regex-pattern:
+      # https://docs.styra.com/regal/rules/idiomatic/non-raw-regex-pattern
+      level: warn
+    use-in-operator:
+      # https://docs.styra.com/regal/rules/idiomatic/use-in-operator
+      level: warn
+    use-some-for-output-vars:
+      # https://docs.styra.com/regal/rules/idiomatic/use-some-for-output-vars
+      # These would be good to address, but would require a concentrated effort
+      level: ignore
+    custom-has-key-construct:
+      # https://docs.styra.com/regal/rules/idiomatic/custom-has-key-construct
+      level: warn
+    equals-pattern-matching:
+      # https://docs.styra.com/regal/rules/idiomatic/equals-pattern-matching
+      level: warn
+    use-contains:
+      # https://docs.styra.com/regal/rules/idiomatic/use-contains
+      level: ignore
+    use-if:
+      # https://docs.styra.com/regal/rules/idiomatic/use-if
+      level: ignore
+    directory-package-mismatch:
+      # https://docs.styra.com/regal/rules/idiomatic/directory-package-mismatch
+      level: ignore
+    custom-in-construct:
+      # https://docs.styra.com/regal/rules/idiomatic/custom-in-construct
+      level: ignore
+  style:
+    avoid-get-and-list-prefix:
+      # https://docs.styra.com/regal/rules/style/avoid-get-and-list-prefix
+      level: ignore
+    external-reference:
+      # https://docs.styra.com/regal/rules/style/external-reference
+      level: ignore
+    file-length:
+      # https://docs.styra.com/regal/rules/style/file-length
+      level: ignore
+    line-length:
+      # https://docs.styra.com/regal/rules/style/line-length
+      level: ignore
+    no-whitespace-comment:
+      # https://docs.styra.com/regal/rules/style/no-whitespace-comment
+      level: warn
+    opa-fmt:
+      # https://docs.styra.com/regal/rules/style/opa-fmt
+      level: warn
+    prefer-some-in-iteration:
+      # https://docs.styra.com/regal/rules/style/prefer-some-in-iteration
+      # 10000+ violations fixed but way more to go
+      level: ignore
+    prefer-snake-case:
+      # https://docs.styra.com/regal/rules/style/prefer-snake-case
+      level: ignore
+    rule-length:
+      # https://docs.styra.com/regal/rules/style/rule-length
+      level: ignore
+    todo-comment:
+      # https://docs.styra.com/regal/rules/style/todo-comment
+      # only one TODO comment in the codebase to fix this issue
+      level: ignore
+    use-assignment-operator:
+      # https://docs.styra.com/regal/rules/style/use-assignment-operator
+      level: ignore
+    rule-name-repeats-package:
+      # https://docs.styra.com/regal/rules/style/rule-name-repeats-package
+      level: ignore
+    messy-rule:
+      # https://docs.styra.com/regal/rules/style/messy-rule
+      level: ignore
+    comprehension-term-assignment:
+      # https://docs.styra.com/regal/rules/style/comprehension-term-assignment
+      level: ignore
+    pointless-reassignment:
+      # https://docs.styra.com/regal/rules/style/pointless-reassignment
+      level: ignore
+    unconditional-assignment:
+      # https://docs.styra.com/regal/rules/style/unconditional-assignment
+      level: ignore
+    default-over-else:
+      # https://docs.styra.com/regal/rules/style/default-over-else
+      level: ignore
+  imports:
+    use-rego-v1:
+      # https://docs.styra.com/regal/rules/imports/use-rego-v1
+      level: ignore
+    redundant-alias:
+      # https://docs.styra.com/regal/rules/performance/non-loop-expression
+      level: ignore
+    import-after-rule:
+      # https://docs.styra.com/regal/rules/imports/import-after-rule
+      level: ignore
+  performance:
+    non-loop-expression:
+      # https://docs.styra.com/regal/rules/performance/non-loop-expression
+      level: ignore
+    defer-assignment:
+      # https://docs.styra.com/regal/rules/performance/defer-assignment
+      level: ignore
+

assets/libraries/ansible.rego

@@ -1,5 +1,7 @@
 package generic.ansible
 
+import future.keywords.in
+
 # Global variable with all tasks in input
 tasks := TasksPerDocument
 
@@ -33,14 +35,12 @@ getTasksFromBlocks(playbook) = result {
 		not task.block
 		validPath(path)
 	]
-} else = [playbook] {
-	true
-}
+} else = [playbook]
 
 # Validates the path of a nested element inside a block task to assure it's a task
 validPath(path) {
 	count(path) > 1
-	validGroup(path[minus(count(path), 2)])
+	validGroup(path[count(path) - 2])
 }
 
 # Identifies a block task
@@ -95,10 +95,8 @@ allowsPort(allowed, port) {
 	low <= portNumber
 	high >= portNumber
 } else {
-	allowed.ports[_] == port
-} else = false {
-	true
-}
+	port in allowed.ports
+} else = false
 
 # Checks if a given port is included in a network rule
 isPortInRule(rule, portNumber) {
@@ -112,7 +110,7 @@ isPortInRule(rule, portNumber) {
 }
 
 isPortInRule(rule, portNumber) {
-	rule.ports[_] == portNumber
+	portNumber in rule.ports
 }
 
 isPortInRule(rule, portNumber) {
@@ -149,11 +147,11 @@ isEntireNetwork(cidr) {
 }
 
 installer_modules := [
-	"community.general.apk", "ansible.builtin.apt", "ansible.builtin.apt", "community.general.bundler", "ansible.builtin.dnf", "community.general.easy_install", 
-	"community.general.gem", "community.general.homebrew", "community.general.jenkins_plugin", "community.general.npm", "community.general.openbsd_pkg", 
-	"ansible.builtin.package", "ansible.builtin.package", "community.general.pear", "community.general.pacman", "ansible.builtin.pip", "community.general.pkg5", 
-	"community.general.pkgutil", "community.general.pkgutil", "community.general.portage", "community.general.slackpkg", "community.general.sorcery", 
-	"community.general.swdepot", "win_chocolatey", "community.general.yarn", "ansible.builtin.yum", "community.general.zypper", "apk", "apt", "bower", "bundler", 
-	"dnf", "easy_install", "gem", "homebrew", "jenkins_plugin", "npm", "openbsd_package", "openbsd_pkg", "package", "pacman", "pear", "pip", "pkg5", "pkgutil", 
+	"community.general.apk", "ansible.builtin.apt", "ansible.builtin.apt", "community.general.bundler", "ansible.builtin.dnf", "community.general.easy_install",
+	"community.general.gem", "community.general.homebrew", "community.general.jenkins_plugin", "community.general.npm", "community.general.openbsd_pkg",
+	"ansible.builtin.package", "ansible.builtin.package", "community.general.pear", "community.general.pacman", "ansible.builtin.pip", "community.general.pkg5",
+	"community.general.pkgutil", "community.general.pkgutil", "community.general.portage", "community.general.slackpkg", "community.general.sorcery",
+	"community.general.swdepot", "win_chocolatey", "community.general.yarn", "ansible.builtin.yum", "community.general.zypper", "apk", "apt", "bower", "bundler",
+	"dnf", "easy_install", "gem", "homebrew", "jenkins_plugin", "npm", "openbsd_package", "openbsd_pkg", "package", "pacman", "pear", "pip", "pkg5", "pkgutil",
 	"portage", "slackpkg", "sorcery", "swdepot", "win_chocolatey", "yarn", "yum", "zypper",
-]
+]

assets/libraries/azureresourcemanager.rego

@@ -2,20 +2,20 @@ package generic.azureresourcemanager
 
 # gets the network security group properties for two types of resource ('Microsoft.Network/networkSecurityGroups' and 'Microsoft.Network/networkSecurityGroups/securityRules')
 get_sg_info(value) = typeInfo {
-    value.type == "Microsoft.Network/networkSecurityGroups/securityRules"
+	value.type == "Microsoft.Network/networkSecurityGroups/securityRules"
 	typeInfo := {
-		"type": value.type, 
-		"properties": value.properties, 
+		"type": value.type,
+		"properties": value.properties,
 		"path": "resources.type={{Microsoft.Network/networkSecurityGroups/securityRules}}.properties",
-		"sl": ["properties"]
-   }   
+		"sl": ["properties"],
+	}
 } else = typeInfo {
 	value.type == "securityRules"
 	typeInfo := {
-		"type": value.type, 
-		"properties": value.properties, 
+		"type": value.type,
+		"properties": value.properties,
 		"path": "resources.type={{securityRules}}.properties",
-		"sl": ["properties"]
+		"sl": ["properties"],
 	}
 }
 
@@ -84,11 +84,10 @@ isParameterReference(valueToCheck) = parameterName {
 	parameterName := trim_right(trim_left(trim_left(valueToCheck, "[parameters"), "('"), "')]")
 }
 
-
-isDisabledOrUndefined(doc, resource, parametersPath){
+isDisabledOrUndefined(doc, resource, parametersPath) {
 	object.get(resource, split(parametersPath, "."), "not defined") == "not defined"
 } else {
-	value := object.get(resource, split(parametersPath, "."),"")
+	value := object.get(resource, split(parametersPath, "."), "")
 	[check, _] := getDefaultValueFromParametersIfPresent(doc, value)
 	check == false
 }

assets/libraries/cicd.rego

@@ -1,2 +1 @@
 package generic.cicd
-